We compared IBM Security QRadar and LogRhythm SIEM across five categories (features, service and support, ease of deployment, pricing, and ROI) based on our users' reviews. Our conclusion follows the category summaries below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Small or medium-sized companies generally find LogRhythm SIEM's setup to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
Comparison Results: Our users prefer LogRhythm SIEM over IBM QRadar. Users value LogRhythm SIEM for its seamless integration, effective log correlation, and efficient event filtering. LogRhythm SIEM yields a solid return on investment and offers stellar customer service. Customers find LogRhythm SIEM's pricing and licensing competitive, making it a more affordable option for those with budget constraints.
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Log aggregation and data connectors are the most valuable features."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel pricing is good."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"It has improved my efficiency."
"It is a very good SIEM."
"It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple logs from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
"IBM QRadar Advisor with Watson is a stable solution."
"Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"LogRhythm does a very good job of helping SOCs manage their workflows."
"The user interface is good."
"The most valuable features would be the automation, reporting, and the support."
"The daily alerts allow me to quickly find security and operations issues which need to be addressed."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"The feature that makes it usable is the web interface."
"Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"We'd also like a better ticketing system, which is older."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The playbook is a bit difficult and could be improved."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment, whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
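The monthly MTTD/MTTR calculation the reviewer above describes doing by hand is the same arithmetic whichever SIEM exported the incidents. The following is an added example, not code from the page or from any vendor: it takes a list of incident records with a first-activity time, a creation (detection) time and a close time, keeps only incidents closed within the trailing 30-day window, and returns mean time to detect (first activity to creation) and mean time to respond (creation to close). The field names, the `Incident` class and the sample records are constructed for the example; a real export would be mapped onto them.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import List, Optional


@dataclass
class Incident:
    """One incident as exported from a SIEM (field names are assumed, not any vendor's schema)."""
    incident_id: str
    first_activity: datetime        # earliest event time in the incident
    created: datetime               # when the SIEM raised the incident (detection)
    closed: Optional[datetime]      # None while the incident is still open
    status: str


def _ts(s: str) -> datetime:
    # Export timestamps are assumed to be ISO 8601 in a single timezone (UTC).
    return datetime.fromisoformat(s)


# Constructed sample data: three closed incidents inside the window, one still
# open, and one closed well before the window starts.
SAMPLE_INCIDENTS: List[Incident] = [
    Incident("INC-1001", _ts("2024-03-02T10:00:00"), _ts("2024-03-02T10:30:00"), _ts("2024-03-02T14:30:00"), "Closed"),
    Incident("INC-1002", _ts("2024-03-10T08:00:00"), _ts("2024-03-10T09:00:00"), _ts("2024-03-11T09:00:00"), "Closed"),
    Incident("INC-1003", _ts("2024-03-20T00:00:00"), _ts("2024-03-20T00:15:00"), None, "Active"),
    Incident("INC-0900", _ts("2024-01-05T00:00:00"), _ts("2024-01-05T01:00:00"), _ts("2024-01-06T01:00:00"), "Closed"),
    Incident("INC-1004", _ts("2024-03-25T12:00:00"), _ts("2024-03-25T12:30:00"), _ts("2024-03-25T13:30:00"), "Closed"),
]


def closed_in_window(incidents: List[Incident], window_end: datetime, days: int = 30) -> List[Incident]:
    """Incidents with status Closed whose close time falls in the trailing `days`-day window."""
    start = window_end - timedelta(days=days)
    return [
        i for i in incidents
        if i.status == "Closed" and i.closed is not None and start <= i.closed <= window_end
    ]


def _mean_delta(deltas: List[timedelta]) -> Optional[timedelta]:
    # Average in seconds so that timedelta arithmetic stays exact; None if nothing to average.
    if not deltas:
        return None
    return timedelta(seconds=mean(d.total_seconds() for d in deltas))


def mean_time_to_detect(incidents: List[Incident]) -> Optional[timedelta]:
    """MTTD: first observed activity -> incident creation (detection)."""
    return _mean_delta([i.created - i.first_activity for i in incidents])


def mean_time_to_respond(incidents: List[Incident]) -> Optional[timedelta]:
    """MTTR: incident creation -> close. Open incidents must be filtered out first."""
    return _mean_delta([i.closed - i.created for i in incidents if i.closed is not None])


def monthly_metrics(incidents: List[Incident], window_end: datetime) -> dict:
    """The monthly report: how many incidents closed in the last 30 days, plus MTTD and MTTR over them."""
    closed = closed_in_window(incidents, window_end, days=30)
    return {
        "closed_count": len(closed),
        "mttd": mean_time_to_detect(closed),
        "mttr": mean_time_to_respond(closed),
    }


if __name__ == "__main__":
    report = monthly_metrics(SAMPLE_INCIDENTS, _ts("2024-03-31T00:00:00"))
    print(f"closed in window: {report['closed_count']}")
    print(f"MTTD: {report['mttd']}  MTTR: {report['mttr']}")
```

Two choices matter when comparing the numbers across tools: which timestamp counts as "detected" (creation time here, not first alert time) and whether the window is keyed on close time or creation time. Keying on close time, as the reviewer does, means an incident opened in one month and closed in the next is counted once, in the month it was closed; keying on creation time would leave open incidents out entirely until they close.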
"We are invoiced according to the amount of data generated within each log."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details."
"IBM is going through some problems with its resources currently making its support response time slow."
"The AI engine could be smarter."
"The solution could improve by having more out-of-the-box use cases."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"There needs to be better integration with other applications."
"This solution is on-premise and many customers are moving to the cloud base solution."
"Pricing model could be more cost-effective."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."
"More detail is needed in the alerts given, to avoid additional searches, as the source or destination associated with the alert is often not evidenced."
"There is room for improvement with separate running sources or better integration."
"I would like to see support added for Exchange 2016, and CheckPoint OPSec Lea."
"LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while LogRhythm SIEM is ranked 7th in Log Management with 166 reviews. IBM Security QRadar is rated 8.0, while LogRhythm SIEM is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, Elastic Security, Fortinet FortiSIEM and Sentinel, whereas LogRhythm SIEM is most compared with Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM, LogRhythm Axon and Fortinet FortiAnalyzer. See our IBM Security QRadar vs. LogRhythm SIEM report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.